cms
cms copied to clipboard
statamic
[5.x] Ability to disable CP authentication
This pull request implements a new config option, allowing developers to disable the Control Panel authentication pages.
Often times, if you're using something like Jetstream or Laravel Nova which provide their own login pages then you don't want an additional login page for users to somehow find their way to.
Authentication can be disabled by toggling the statamic.cp.auth.enabled option. You may optionally specify a URL for users to be redirected to instead:
<?php
/*
|--------------------------------------------------------------------------
| Authentication
|--------------------------------------------------------------------------
|
| Whether the Control Panel's authentication pages should be enabled,
| or if users should be redirected elsewhere.
|
*/
'auth' => [
'enabled' => false,
'redirect_to' => '/nova',
],
This PR replaces my previous PR, #7617.
Is this planned for 4.X? We would use this in almost all our apps that have a Statamic installation.
Sorry, we don't have an ETA for reviewing/merging this pull request. We'll get to it when we can.
In the meantime, you can pull this PR into your project with a composer patch.
No problem. Thanks for the update and the composer patch package link - very useful!
@duncanmcclean
I was giving this a try with composer patch, all went well. Except, within routes/cp.php:
Shouldn't this:
if (config('statamic.cp.auth', true)) {
Be:
if (config('statamic.cp.auth.enabled', true)) {
Is anyone being hit with a 404 with this PR when attempting to "Resume your session"? Is it possible to disable the ability to resume and auto logout instead?
Yes, I've run into this. This flow needs to be reconsidered when CP login is disabled. We use it in a passwordless login situation so this part makes no sense, it should log out and redirect to the appropriate page.